Nighthawk Wallet iOS and ECC Reference Wallet iOS users need to update to the most recent variations in order to remediate a security vulnerability. No other wallets are impacted by this bug, and removal actions are detailed listed below.
In buggy variations of the wallets, when a user decided to include their wallet’s address in an outbound memo field utilizing the “Reply-To” function, the wallet would erroneously consist of the wallet’s secret seeing essential instead of the wallet’s address. If you utilize the Nighthawk Wallet or the ECC Reference Wallet for iOS, you can identify if you were impacted by taking a look at each of your wallet’s outbound deal memo fields and searching for any “Reply-To” parts that start with “zxview”. A field starting with “zxview” suggests that your wallet’s seeing secret was consisted of in the memo instead of the wallet’s address.
All users need to instantly update to the most recent variation of the wallet software application. If you were impacted by the bug, i.e., several of your outbound “Reply-To”’s starts with “zxview”, then the receivers of those memos will have the ability to see your wallet’s deal history, consisting of any memo field contents. Due to the irreversible nature of details saved on the blockchain, it is not possible to withdraw access to that details.
To avoid unintended seeing essential receivers from seeing any future deal information, you need to update your wallet to the most recent software application variation, develop a brand-new wallet, and move your funds to the brand-new wallet. Please back up your seed expression prior to trying this to decrease the threat of mistakenly losing funds in the procedure.
The bug existed in the ECC iOS Reference Wallet 0.3.7-105 codebase from May 6, 2021 to today. The devote consisting of the repair is readily available here and in variations of the ECC Reference Wallet 0.5.0-120 or later on (for testnet) and 0.4.0-117 or later on (for mainnet). The ECC iOS Reference Wallet has a really restricted circulation, nearly completely restricted to ECC workers.
Nighthawk was impacted since variation 1.9, which was launched on July 2, 2021. The bug has actually been repaired since variation of Nighthawk 1.21 which was launched July 11, 2021.
We wish to thank the Nighthawk Wallet designers for finding the bug and acting upon it instantly.